forums.wsusoffline.net

[Denniss]

15/01/2013 19:37:43,64 - Warning: Deleted unsigned file "E:\Portable\WSUS Offline Update\client\w61\glb\windows6.1-KB976932-X86.exe"

Your download system is/was most likely missing an update for root certificates thus causing the deletion of some files.

[GlacialMan]

Using the WSUS Generator, in both jobs I selected all checks (only italian where the language is selectable) except:

Win Server
Win XP x64
Create ISO
x86-cross-product
Clean up target directory

and during the second job was unexpectedly downloaded something, this can happen due to connection errors, I think, otherwise it could be a bug of WSUS Generator, is possible to determine it from the report?

[boco]

Corrupt or truncated files fail the signature check from MS. This will cause WSUSOU to delete them and you'll get the warning in the log. Not a bug, but by design. On a re-run the missing file will be downloaded again.

You should take the question dialog serious WSUSOU displays at the end: ''Would you like to check the log file for possible warnings now?'' Do it and sneek over the log to spot warnings.

[aker]

Installing the file .\client\win\glb\rootsupd.exe should fix this bug.

[boco]

It's kind of a ''chicken-egg'' problem. WSUSOU installs the latest rootsupd and rvkroots during it's normal course of action. However, you need to install rootsupd manually on the downloading machine so the signature check works correctly.

I think it would make absolute sense to check for and update the root certificates on the downloading machine before trying to download anything.

[GlacialMan]

If highly recommended, the program should do this before starting downloads. Sorry for my english, I hope it's understandable.

[GlacialMan]

Hi everyone,

some time has passed and WSUS Offline Update has grown a lot. Before starting UpdateGenerator.exe, I always use the following instructions:

cmd\RemoveGermanLanguageSupport.cmd
cmd\AddOffice2010x64Support ita
cmd\AddCustomLanguageSupport ita
del client\md\hashes-msse.txt

are still valid? I have to change something? thanks and good job.

[aker]

They are. But as far as I know, you don't need that del-command.

[hbuhrmester]

It's kind of a ''chicken-egg'' problem. WSUSOU installs the latest rootsupd and rvkroots during it's normal course of action. However, you need to install rootsupd manually on the downloading machine so the signature check works correctly.

I think it would make absolute sense to check for and update the root certificates on the downloading machine before trying to download anything.

To validate downloads from Microsoft, you only need the certificate of Microsoft, not a complete, up-to-date list of all other certificates. The certificate of Microsoft won't change that often.

I even got the impression, that Sysinternals Sigcheck comes with the Microsoft certificate already built-in. If you run it on Linux with the wine emulator, it just works without installing or updating any certificates:

Code: Select all

$ wine ../bin/sigcheck.exe -q ../bin/sigcheck.exe
Z:\home\anwender\Desktop\wsusoffline954\bin\sigcheck.exe:
   Verified:   Signed
   Signing date:   23:45 28.04.2014
   Publisher:   Microsoft Corporation
   Description:   File version and signature viewer
   Product:   Sysinternals Sigcheck
   Prod version:   2.1
   File version:   2.1
   MachineType:   32-bit

To validate a download, you only need the "public key" of the certificate. This public key can be freely distributed. You need a hidden private key, to sign the files.

https://en.wikipedia.org/wiki/Public_key

Greetings

PS
Another test:

Code: Select all

$ wine sigcheck.exe -i -q sigcheck.exe
Z:\home\anwender\Desktop\wsusoffline\bin\sigcheck.exe:
        Verified:       Signed
        Catalog:        Z:\home\anwender\Desktop\wsusoffline\bin\sigcheck.exe
        Signers:
           Microsoft Corporation
                Status:         Valid
                Valid Usage:    Code Signing
                Serial Number:  33 00 00 00 CA 6C D5 32 12 35
                                C4 E1 55 00 01 00 00 00 CA
                Thumbprint:     67B1757863E3EFF760EA9EBB02849AF07D3A8080
                Algorithm:      SHA1
                Valid from:     19:39 22.04.2014
                Valid to:       19:39 22.07.2015
           Microsoft Code Signing PCA
                Status:         Valid
                Valid Usage:    All
                Serial Number:  61 33 26 1A 00 00 00 00 00 31
                Thumbprint:     3CAF9BA2DB5570CAF76942FF99101B993888E257
                Algorithm:      SHA1
                Valid from:     00:19 01.09.2010
                Valid to:       00:29 01.09.2020
           Microsoft Root Certificate Authority
                Status:         Valid
                Valid Usage:    All
                Serial Number:  79 AD 16 A1 4A A0 A5 AD 4C 73
                                58 F4 07 13 2E 65
                Thumbprint:     CDD4EEAE6000AC7F40C3802C171E30148030C072
                Algorithm:      SHA1
                Valid from:     01:19 10.05.2001
                Valid to:       01:28 10.05.2021
        Signing date:   23:45 28.04.2014
        Publisher:      Microsoft Corporation
        Description:    File version and signature viewer
        Product:        Sysinternals Sigcheck
        Prod version:   2.1
        File version:   2.1
        MachineType:    32-bit